Kibana MCP Server

Create a powerful Model Context Protocol (MCP) server for Kibana in minutes with our AI Gateway. This guide walks you through setting up seamless data visualization and exploration integration with enterprise-grade capabilities and instant API authentication.

About Kibana API

Kibana is a data visualization and exploration tool used for log and time-series analytics, application monitoring, and operational intelligence use cases. It provides powerful and easy-to-use features such as histograms, line graphs, pie charts, heat maps, and built-in geospatial support.

Key Capabilities

• Data Visualization: Create interactive dashboards
• Discover: Explore and search data
• Canvas: Create pixel-perfect presentations
• Maps: Visualize geospatial data
• Machine Learning: Detect anomalies and patterns
• Alerting: Set up notifications for data conditions
• Security: User authentication and authorization
• Spaces: Organize dashboards and visualizations

API Features

• Saved Objects API: Manage dashboards, visualizations, and searches
• Dashboard API: Create and manage dashboards
• Visualization API: Build custom visualizations
• Index Pattern API: Configure data sources
• Spaces API: Multi-tenancy support
• Security API: User and role management
• Alerting API: Configure alerts and actions
• Reporting API: Generate PDF and CSV reports

What You Can Do with Kibana MCP Server

The MCP server transforms Kibana API into a natural language interface, enabling AI agents to:

Dashboard Operations

• Dashboard Management

  • "Create a new dashboard for sales metrics"
  • "Update dashboard layout"
  • "Export dashboard configuration"
  • "Clone existing dashboard"

• Dashboard Queries

  • "Show all dashboards in the monitoring space"
  • "Find dashboards created last week"
  • "List dashboards by user"
  • "Get dashboard details"

Visualization Operations

• Create Visualizations

  • "Create a bar chart for order counts"
  • "Build a pie chart for category distribution"
  • "Generate a line graph for revenue trends"
  • "Create a heat map for geographic data"

• Manage Visualizations

  • "Update visualization colors"
  • "Modify chart aggregations"
  • "Export visualization"
  • "Share visualization settings"

Data Exploration

• Discover Queries

  • "Search logs for errors in the last hour"
  • "Find transactions over $1000"
  • "Filter data by date range"
  • "Export search results"

• Index Patterns

  • "Create index pattern for logs-*"
  • "Update time field mapping"
  • "Refresh field list"
  • "Manage index pattern settings"

Spaces and Organization

• Space Management

  • "Create a new space for the dev team"
  • "Move dashboards between spaces"
  • "Configure space settings"
  • "Manage space access"

• Saved Objects

  • "Export all saved objects"
  • "Import dashboard configuration"
  • "Bulk update objects"
  • "Resolve conflicts"

Alerting and Monitoring

• Alert Configuration

  • "Create alert for high CPU usage"
  • "Set up threshold alerts"
  • "Configure notification actions"
  • "Manage alert rules"

• Monitoring

  • "Check cluster health"
  • "View index statistics"
  • "Monitor query performance"
  • "Track user activity"

Prerequisites

• Access to Cequence AI Gateway
• Kibana instance (self-hosted or Elastic Cloud)
• Kibana endpoint URL
• Authentication credentials (if secured)
• Elasticsearch cluster connection

Step 1: Configure Kibana Access

1.1 Kibana Connection

1. Note your Kibana endpoint:
   • Self-hosted: http://localhost:5601
   • Elastic Cloud: https://your-deployment-id.kb.region.cloud-provider.elastic-cloud.com
2. Ensure Kibana is accessible
3. Test connection in browser

1.2 Authentication Setup

Kibana supports multiple authentication methods:

1. Basic Auth: Username and password
2. API Keys: Generate from Kibana UI
3. Token-based: Bearer tokens
4. OAuth 2.0 using external providers (e.g., Okta): Enterprise SSO integration
5. SAML: Security Assertion Markup Language

1.3 OIDC Authentication with Okta

For enterprise deployments requiring Single Sign-On (SSO), configure OIDC authentication with Okta:

Step 1: Configure Okta Application

1. Create a new Web Application in Okta
2. Configure the following settings:
   • App integration name: "Your App Name" (e.g., "Kibana OAuth2")
   • Application type: Web
   • Grant Types:
     • Authorization Code
     • Refresh Token
     • Client Credentials (if needed)
   • Sign-in redirect URIs:
     • https://your-kibana-url/api/security/oidc/callback
     • https://auth.aigateway.cequence.ai/v1/outbound/oauth/callback
   • Sign-out redirect URIs: http://localhost:8080
   • User consent: Require consent (optional)
3. Note your Client ID (e.g., your-client-id)
4. Generate and save Client Secret

Step 2: Configure Elasticsearch OIDC Realm

1. Log in to Elastic Cloud console
2. Navigate to your deployment
3. Click Edit in the left navigation menu
4. Scroll down to the Elasticsearch section
5. Click Edit user settings to modify elasticsearch.yml
6. Add OIDC realm configuration:

xpack.security.authc.realms.oidc.oidc1:
  order: 10
  rp.client_id: "your-client-id"
  rp.response_type: "code"
  rp.redirect_uri: "https://your-kibana-url/api/security/oidc/callback"
  op.issuer: "https://your-okta-domain.okta.com"
  op.authorization_endpoint: "https://your-okta-domain.okta.com/oauth2/v1/authorize"
  op.token_endpoint: "https://your-okta-domain.okta.com/oauth2/v1/token"
  op.jwkset_path: "https://your-okta-domain.okta.com/oauth2/v1/keys"
  op.userinfo_endpoint: "https://your-okta-domain.okta.com/oauth2/v1/userinfo"
  op.endsession_endpoint: "https://your-okta-domain.okta.com/oauth2/v1/logout"
  claims.principal: "sub"
  claims.groups: "groups"

7. Click Save at the bottom of the page to apply changes and restart the deployment

Step 3: Configure JWT Realm

Configure JWT realm for API authentication:

xpack.security.authc.realms.jwt.jwt1:
  order: 2
  client_authentication.type: none
  allowed_issuer: "https://your-okta-domain.okta.com/oauth2/default"
  allowed_audiences: ["api://default", "your-client-id"]
  allowed_signature_algorithms: ["RS256"]
  pkc_jwkset_path: "https://your-okta-domain.okta.com/oauth2/default/v1/keys"
  claims.principal: "sub"
  claims.groups: "groups"

Step 4: Store Client Secret in Elasticsearch Keystore

# Add client secret to keystore
bin/elasticsearch-keystore add xpack.security.authc.realms.oidc.oidc1.rp.client_secret

Step 5: Configure Kibana User Settings

1. In the same Edit page of your deployment
2. Scroll down to the Kibana section
3. Click Edit user settings to modify kibana.yml
4. Add OIDC configuration:

xpack.security.authc.providers:
  oidc.oidc1:
    order: 0
    realm: "oidc1"
    description: "Log in with Okta"
    icon: "https://www.okta.com/sites/default/files/Okta_Logo_BrightBlue_Medium.png"
  basic.basic1:
    order: 1

This configuration:

• Enables OIDC authentication as the primary method (order: 0)
• Links to the oidc1 realm configured in Elasticsearch
• Provides a user-friendly description and Okta logo
• Keeps basic authentication as a fallback (order: 1)

5. Click Save at the bottom of the page to apply changes and restart the deployment

Step 6: Configure Role Mappings

Map Okta users to Elasticsearch roles to grant access:

1. Open Kibana dev tools or use curl
2. Create a role mapping for the OIDC realm:

PUT /_security/role_mapping/oidc_kibana_mapping
{
  "enabled": true,
  "roles": ["superuser"],
  "rules": {
    "all": [
      { "field": { "realm.name": "oidc1" } },
      { "field": { "groups": "everyone" } }
    ]
  },
  "metadata": {
    "version": 1
  }
}

Note: Adjust the rules to match your specific Okta groups or user claims.

Step 7: Configure Okta Access Policy

1. In Okta, create an Access Policy:

   • Name: "Your Access Policy Name" (e.g., "Gateway Access Policy")
   • Description: "Your policy description" (e.g., "Allow Gateway to access APIs")
   • Assigned to clients: All Clients or specific clients

2. Click Add Rule and configure the following:

   IF Grant type is:

   • Select Authorization Code (required for OAuth 2.0 flow)
   • Optionally select Client Credentials if needed for API access

   AND User is:

   • Any user assigned the app, or
   • Assigned the app and a member of one of the following: (select specific groups if needed)

   AND Scopes requested:

   • Any scopes, or
   • The following scopes: (specify: openid, email, profile)

   THEN Use this inline hook:

   • None (disabled) (default)

   AND Access token lifetime is:

   • 1 Hours (default, adjust as needed)

   AND Refresh token lifetime is:

   • 90 Days (default, adjust as needed)
   • but will expire if not used every: 7 Days (default, adjust as needed)

3. Enter a Rule Name (e.g., "Allow Authorization Code")

4. Set Status: Active

5. Click Create Rule

1.4 Security Best Practices

1. Use HTTPS: Always use TLS/SSL in production
2. Rotate Secrets: Regularly rotate client secrets
3. Least Privilege: Grant minimum required permissions
4. Monitor Access: Track API usage and authentication attempts
5. Secure Storage: Store secrets in Elasticsearch keystore

Step 8: Create MCP Server

Navigate to the AI Gateway, go to Apps > Third-party > Kibana, and click Create MCP Server.

Step 9: Configure API Endpoints

1. Base URL: Your Kibana endpoint
2. Click Select Endpoints to choose which API operations to enable
3. Click Next

Step 10: MCP Server Configuration

1. Name: "Kibana Dashboards"
2. Description: "Data visualization and exploration"
3. Configure security settings
4. Choose deployment options
5. Click Next

Step 11: Configure Authentication

1. Authentication Type: Select OAuth 2.0
2. Configure the Okta details:
   • Authorization URL: https://your-okta-domain.okta.com/oauth2/default/v1/authorize
   • Token URL: https://your-okta-domain.okta.com/oauth2/default/v1/token
   • Client ID: your-client-id
   • Client Secret: Your generated secret
   • Redirect URI: https://auth.aigateway.cequence.ai/v1/outbound/oauth/callback
   • Scopes: openid, email, profile
3. Click Connect to test the authentication
4. Click Create

Available Kibana API Operations

Saved Objects API

• Create Objects

  • Dashboards
  • Visualizations
  • Searches
  • Index patterns

• Manage Objects

  • Get by ID
  • Update objects
  • Delete objects
  • Bulk operations

• Import/Export

  • Export saved objects
  • Import configurations
  • Resolve conflicts
  • Copy between spaces

Dashboard API

• Dashboard Operations

  • Create dashboard
  • Update layout
  • Add visualizations
  • Configure filters

• Dashboard Queries

  • List all dashboards
  • Search dashboards
  • Get dashboard details
  • Clone dashboard

Visualization API

• Visualization Types

  • Area charts
  • Bar charts
  • Line graphs
  • Pie charts
  • Data tables
  • Metrics
  • Tag clouds
  • Heat maps

• Visualization Management

  • Create visualization
  • Update configuration
  • Modify aggregations
  • Set display options

Index Pattern API

• Pattern Management

  • Create index pattern
  • Update time field
  • Refresh fields
  • Delete pattern

• Field Operations

  • List fields
  • Update field format
  • Set field type
  • Configure scripted fields

Spaces API

• Space Operations

  • Create space
  • Update space
  • Delete space
  • List spaces

• Object Management

  • Copy objects between spaces
  • Move saved objects
  • Resolve references
  • Manage access

Alerting API

• Alert Rules

  • Create alert
  • Update rule
  • Enable/disable
  • Delete alert

• Actions

  • Configure notifications
  • Email actions
  • Webhook actions
  • Slack integration

Reporting API

• Report Generation
  • Generate PDF
  • Export CSV
  • Schedule reports
  • Download reports

Step 12: Review and Deploy

1. Review all configuration settings
2. Click Deploy to create your MCP server

Using Your Kibana MCP Server

Setup Instructions:

• Claude Desktop
• Cursor
• Windsurf

Important: Kibana XSRF Header Configuration

When configuring your Kibana MCP server in mcp.json, you must include the kbn-xsrf header for all requests. This header is required by Kibana's security features.

Add the following headers configuration:

"headers": {
  "kbn-xsrf": "true"
}

Example full configuration in mcp.json:

{
  "mcpServers": {
    "kibanaelasticco": {
      "url": "https://your-kibana-mcp-url.com/mcp",
      "headers": {
        "kbn-xsrf": "true"
      }
    }
  }
}

Note: The kbn-xsrf header must be set to "true" (as a string) for all requests to work correctly with Kibana's API.

Natural Language Commands

• "Create a dashboard showing sales trends for the last 30 days"
• "Add a pie chart visualization for product categories"
• "Export all dashboards in the monitoring space"
• "Set up an alert for error rates above 5%"
• "Generate a PDF report of the executive dashboard"

Common Use Cases

Dashboard Management

• Create executive dashboards
• Build operational monitoring views
• Design custom analytics dashboards
• Share dashboards across teams

Data Exploration

• Interactive log analysis
• Time-series data exploration
• Full-text search across indices
• Ad-hoc data investigation

Visualization Creation

• Business intelligence charts
• Real-time metrics displays
• Geographic data visualization
• Custom data presentations

Alerting and Monitoring

• Error rate monitoring
• Performance threshold alerts
• Business metric notifications
• Anomaly detection alerts

Reporting

• Scheduled PDF reports
• CSV data exports
• Executive summaries
• Compliance reports

Best Practices

1. Dashboard Design:

   • Keep dashboards focused and simple
   • Use consistent color schemes
   • Optimize query performance
   • Consider user experience

2. Space Organization:

   • Separate by team or function
   • Use clear naming conventions
   • Manage access appropriately
   • Document space purposes

3. Performance Optimization:

   • Use appropriate time ranges
   • Limit visualization complexity
   • Cache frequently accessed data
   • Monitor query performance

4. Security:

   • Implement role-based access
   • Use spaces for isolation
   • Audit user activities
   • Secure API credentials

5. Maintenance:

   • Regular backup of saved objects
   • Clean up unused dashboards
   • Update index patterns as needed
   • Monitor Kibana health

Troubleshooting

Common Issues

1. Authentication Errors

   • Verify OIDC configuration in Elasticsearch
   • Check client secret in keystore
   • Validate Okta application settings
   • Test redirect URIs
   • Ensure Kibana configuration matches Elasticsearch realm

2. Dashboard Loading Issues

   • Check Elasticsearch connectivity
   • Verify index pattern exists
   • Review time range settings
   • Check user permissions
   • Monitor browser console for errors

3. Visualization Problems

   • Verify field mappings
   • Check aggregation syntax
   • Review index data
   • Test query performance
   • Validate data types

4. API Connection Issues

   • Verify Kibana URL
   • Check network connectivity
   • Validate API credentials
   • Test with curl/Postman
   • Review Kibana logs

5. Space and Object Issues

   • Check space permissions
   • Verify object references
   • Resolve import conflicts
   • Review space configuration
   • Validate object types

Getting Help

• Documentation: AI Gateway Docs
• Support: support@cequence.ai
• Kibana Docs: elastic.co/guide/kibana
• Elastic Community: discuss.elastic.co

Additional Resources

Okta Integration

• Okta OpenID Connect
• Elasticsearch OIDC Realm
• Kibana OIDC Authentication

Kibana Resources

• Kibana API Reference
• Saved Objects API
• Dashboard API
• Alerting API

---